Certbot

certbot^[1] is a fully-featured, extensible client for the Let’s Encrypt CA (or any other CA that speaks the ACME protocol defined in 2015-2016) that can automate the tasks of obtaining certificates and configuring webservers to use them. This client runs on Unix-based operating systems.

• apt install certbot

Ubuntu:

• Binaries: certbot and letscrypt
• Renewals configuration: /etc/cron.d/certbot

Examples

To request a certificate:

• Stop your webserver: systemctl nginx stop
• certbot certonly --standalone --preferred-challenges http -d YOUR_DOMAIN_NAME.com
• certbot certonly --standalone --agree-tos --preferred-challenges dns -d *.YOUR_DOMAIN_NAME.com (You will be asked for information)

nginx.conf

ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;

ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;

certonly --standalone

certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested nginx plugin does not appear to be installed

certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certs found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

certbot renew --force-renewal

certbot delete --cert-name YOUR_CERT_NAME
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deleted all files relating to certificate YOUR_CERT_NAME.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

• Changing a Certificdate's Domain^[2]: certbot certonly --cert-name example.com -d example.org,www.example.org
• Automated renewals: systemctl list-timers

Activities

• Read certbot certbot changelog: https://github.com/certbot/certbot/blob/master/certbot/CHANGELOG.md

See also

• HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL, openSSL, WebSockets, WebRTC, ssl_certificate QUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers, --insecure, Axios HTTP client, HTTP cookies, HTTP ETag, Hypertext Transfer Protocol -- HTTP/1.1
• CA, Root Certificates, FreeIPA, PKI, OpenCA, Wildcard certificate, certtool, certbot (Let's Encrypt), certinfo (Cloudflare), ACME, Boulder, cfssl (Cloudflare), Public key certificate, public key, TLS and X.509, OCSP, Subject Alternative Name (SAN), openssl ca, Self signed certificate, CSR, keytool, ACM, KMS, aws acm, IdenTrust, multirootca, cert-manager, ca_cert_identifier
• DNS: Linux DNS, IP, systemd-resolve, /etc/hosts, whois, Domain registrar, dig, host, nslookup, scutil --dns dnsmasq, bind, delv, .local, .internal, .onion, FQDN, TTL, /etc/resolv.conf, /etc/systemd/resolved.conf, dscacheutil (macOS), hostname, hostnamectl, bind, resolvectl status, DNS sinkhole, Domain name server, LLMNR, Resource records:MX, TXT, NS, CAA, SSHFP, Apex, CNAME, Wildcard DNS records, Subdomain, /etc/nsswitch.conf, 1.1.1.1, 8.8.8.8, CoreDNS, dnsPolicy:, Google Public DNS, DNS caches, Kubernetes ExternalDNS, DNS forwarding, IDNA2008, DNS-1035, Domain name registrars, Split-view DNS, Pi-hole, NextDNS